Hi,
As I found .hdb and .db formats contain signatures of any malwares (Not just PE
ones) and .mdb format contains signatures of PE malwares.
I'm not sure if I'm completely right. I would be very thankful to you if you
correct my sentences.
Best Regards
Dear Mr.Zidouemba,
What do you mean by 'deprecated' for .db files?
From: Alain Zidouemba
To: ClamAV users ML
Sent: Tuesday, November 6, 2012 3:58 AM
Subject: Re: [clamav-users] Signature files
.db file: deprecated
.hdb file: signatures based on md5 of file.
Dear Member List,
I'm studying on source code of ClamAV. Which folder ralates to 'Signature
Matching' phase?
Best Regards
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
Dear Member List,
I have faced with an antivirus project which uses Clam signatures. For checking
if a new suspicious file is virus or benign (signature matching phase), it acts
as follows.
If the file is PE Then
Compare it with .hdb & .mdb signatures
If it hasn't yet detected as virus The
Dear Mr.Zidouemba,
Many thanks for your complete reply. I've read this pdf file and also the file
written by you (Writing ClamAV Signatures, 2009). I've downloaded Clam
Signatures, but they do not contain logical signatures (.ldb)!
Best Regards
From: A
Dear Member List,
I have faced with an anti virus project which uses Clam signatures. It uses
Aho-Corasick algorithm for signature matching. I want to apply a replacement
for Aho-Corasick algorithm, which has a better performance and preferably
covers all kinds of signatures (especially .ndb o
